www.synopsys.com | a
j
b
r
Thick Client Testing
Customized to fit the unique needs of your thick client software
Since thick client applications include both local and server-side processing and often use proprietary protocols for
communication, they require a different approach to security testing. Simple, automated vulnerability assessment
scanning isn’t enough. That is why we customize each test to the application.
Our approach is as unique as your thick client software
Our thick client application penetration tests include a risk-based analysis of both the thick client software and serverside APIs that it communicates with. This enables us to identify:
•
•
•
•
High-risk areas in the system
Assets
Attackers
Potential attack vectors
Our risk-based approach combines four tracks of analysis
Our thick client software testing process takes a risk-based approach that covers the following four areas:
1. Configuration analysis
Our experts analyze your thick client’s configuration, which exposes both default configuration problems as well as ways
in which the application could potentially be configured to bypass security controls.
2. Network communication analysis
With many thick clients, most attacks of concern are ones that can be executed remotely. When this is the case, we
intercept and analyze network communication in depth.
3. Server analysis
The primary purpose of most thick clients is to expose some server-side functionality. Vulnerabilities in the server-side
code are often important because a successful exploit may impact all thick clients or central data stores. We analyze
the server software using various manual and automated tools during this phase.
Simple, automated scanning isn’t enough.
4. Client analysis
We analyze the thick client software itself using various tools.
The activities during this phase are highly dependent on the
specific software and attacks of concern, and may include
activities such as performing memory dumps, testing IPC
channels that may permit privilege escalation, fuzzing file
inputs, and in-depth reverse engineering.
Our approach involves
creating a penetration test
plan that identifies and
prioritizes testing scenarios
based on risk.
We ride with you until the end
At the end of each assessment we will conduct a read-out
call with your development team to walk you through:
• Positive findings
• Prioritized vulnerabilities based on their likelihood and impact if exploited
• Mitigation recommendations for each vulnerability
The Synopsys Difference
Synopsys offers the most comprehensive solution for integrating security and quality into your SDLC and supply chain.
Whether you’re well-versed in software security or just starting out, we provide the tools you need to ensure the integrity
of the applications that power your business. Our holistic approach to software security combines best-in-breed
products, industry-leading experts, and a broad portfolio of managed and professional services that work together
to improve the accuracy of findings, speed up the delivery of results, and provide solutions for addressing unique
application security challenges. We don’t stop when the test is over. Our experts also provide remediation guidance,
program design services, and training that empower you to build and maintain secure software.
For more information go to www.synopsys.com/software.
Synopsys Inc.
185 Berry Street, Suite 6500
San Francisco, CA 94107 USA
U.S. Sales: (800) 873-8193
International Sales: +1 (415) 321-5237
Email: [email protected]
© Copyright 2017 Synopsys, Inc. All Rights Reserved Worldwide. | www.synopsys.com | a
j
b
r